Hi, thanks for your answer. I will try it.
Br

2008/2/10, Reinhard Stich <[EMAIL PROTECTED]>:
>
> hi,
>
> you should have the vrrp-ip in the topology and fw-object that you want to
> use with vpn. You can add the other vrrp2-IPs to dummy interfaces or to a
> dedicated object. Be careful with "hide behind gw" in nat-configs, better
> use defined IPs. You also can't use auto-art with nat.
>
> br
> reinhard
>
> --
>
> Reinhard Stich, Internet Security AG
> Mobile email powered by Nokia Intellisync
> *** please reply-to-all if you answer to this mail ***
> -----Original Message-----
> From: kazeka sho
> Sent: 09.02.2008 22:53:04
> To: Mailing list for discussion of Firewall-1
> Subject: Re: [FW-1] How to configure Checkpoint object when using Nokia
> VRRP MC in load sharing mode
>
> I will explain my problem more precisely:
>
> I have 2 Nokias where I configured 3 interfaces on each appliance. 1 for the
> inside, 1 for the outside and 1 for the synchronization.
> I will call my Nokia appliances: Nokia1 and Nokia2.
> I created a first VRID (I will call it VRID1) for both interfaces, inside
> and outside, to be monitored, where Nokia1 is the master and thus Nokia2
> the backup. I created another VRID (VRID2) for the same interfaces and where
> Nokia2 is the master and Nokia1 the backup.
>
> So I have 4 VRRP addresses, 2 for the outside and 2 for the inside. And I
> made Load sharing by routing from the machine. For 100 machines, there are
> 50 where the default gateway is the VRRP of VRID1 and the other 50 is VRRP
> of VRID2.
>
> If I choose Nokia VRRP on the Checkpoint object, I think there would be a
> problem since both Nokias will pass traffic and there would be some drops.
>
> And I would like to know what really happens if I do a get topology with
> that kind of configuration.
>
> Cheers
>
> 2008/2/9, David DeSimone <[EMAIL PROTECTED]>:
> >
> > kazeka sho <[EMAIL PROTECTED]> wrote:
> > >
> > > In fact I have a cluster of Nokia in VRRP MC but I made Load Sharing
> > > with them. I mean that I have 2 monitored interfaces and 2 VRIDs where
> > > one is the master for one VRID and the slave for the other one. So
> > > for a side I will have two VRRP addresses.
> > >
> > > I will make load sharing by routing my servers by using these
> > > addresses.
> >
> > This is not what I think of when I think of the term "load sharing"
> > because VRRP does not create a load-sharing environment. Only one or
> > the other device will receive traffic for a particular IP. But that is
> > just semantics, I suppose.
> >
> > > My question is to know how to configure the Checkpoint Object in order
> > > to make it fully work.
> >
> > In your "3rd Party Configuration" tab, make sure you have chosen "Nokia
> > VRRP" as the "3rd Party Solution" for the cluster object.
> >
> > When using Nokia VRRP, Checkpoint always uses a load-sharing mode of
> > operation, because the choice of master or slave is decided by the OS,
> > and not by Checkpoint. So, Checkpoint makes sure that whichever cluster
> > member receives traffic, it will process it correctly.
> >
> > Make sure your sync network is working. :)
> >
> > --
> > David DeSimone == Network Admin == [EMAIL PROTECTED]
> > "This email message is intended for the use of the person to whom
> > it has been sent, and may contain information that is confidential
> > or legally protected. If you are not the intended recipient or have
> > received this message in error, you are not authorized to copy,
> > distribute, or otherwise use this message or its attachments. Please
> > notify the sender immediately by return e-mail and permanently delete
> > this message and any attachments. Verio, Inc. makes no warranty that
> > this email is error or virus free. Thank you." --Lawyer Bot 6000
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
